CVE-2022-31629
$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilitiesIn PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
We have discovered 1,052,163 live websites that are affected by CVE-2022-31629.
Contact us to get more info
Affected Software
| |
---|
Product | PHP |
Category | Programming Languages |
Vulnerable Versions | - from 7.4 before 7.4.31
- from 8 before 8.0.24
- from 8.1 before 8.1.11
|
Total Vulnerable Versions | 507 |
Vulnerable Domains | 1,052,163 live websites (8.70% of PHP install base) |
Common Weakness Enumeration
CWE-20 Improper Input Validation
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31629 and the relative popularity of websites